Attack Surface Reduction for Web Services based on Authorization Patterns
Abstract:
During the design of a security architecture for a web application, the usage of security patterns can assist with fulfilling quality attributes, such as increasing reusability or safety. The attack surface is a common indicator for the safety of a web application, thus, reducing it is a problem during design. Today’s methods for attack surface reduction are not connected to security patterns and have an unknown impact on quality attributes, e.g., come with an undesirable trade-off in functionality. This paper introduces a systematic and deterministic method to reduce the attack surface of web services by deriving service interface methods from authorization patterns. We applied the method to the Participation Service that is part of the KIT Smart Campus system. The resulting RESTful web services of the application are presented and validated.
| Zugehörige Institution(en) am KIT | Institut für Telematik (TM) |
| Publikationstyp | Proceedingsbeitrag |
| Publikationsjahr | 2014 |
| Sprache | Englisch |
| Identifikator | ISBN: 978-1-61208-376-6 ISSN: 2162-2116 urn:nbn:de:swb:90-502514 KITopen-ID: 1000050251 |
| Erschienen in | SECURWARE 2014, The Eighth International Conference on Emerging Security Information, Systems and Technologies, November 16 - 20, 2014, Lisbon, Portugal. Ed.: R. Falk |
| Verlag | International Academy, Research, and Industry Association (IARIA) |
| Seiten | 194-201 |
| Schlagwörter | security pattern, attack surface, authorization, web service, rest |
| Nachgewiesen in | Scopus |